This version of OpenVPN has mbed TLS support. To enable it, follow these
instructions:

To Build and Install,

    ./configure --with-crypto-library=mbedtls
    make
    make install

This version depends on mbed TLS 2.0 (and requires at least 2.0.0).

*************************************************************************

Warning:

As of mbed TLS 2.17, it can be licensed *only* under the Apache v2.0 license.
That license is incompatible with OpenVPN's GPLv2.

If you wish to distribute OpenVPN linked with mbed TLS, there are two options:

 * Ensure that your case falls under the system library exception in GPLv2, or

 * Use an earlier version of mbed TLS. Version 2.16.12 is the last release
   that may be licensed under GPLv2. Unfortunately, this version is
   unsupported and won't receive any more updates.

If nothing changes about the license situation, mbed TLS support may be
deprecated in a future release of OpenVPN.

*************************************************************************

Due to limitations in the mbed TLS library, the following features are missing
in the mbed TLS version of OpenVPN:

 * PKCS#12 file support
 * --capath support - Loading certificate authorities from a directory
 * Windows CryptoAPI support
 * X.509 alternative username fields (must be "CN")

Plugin/Script features:

 * X.509 subject line has a different format than the OpenSSL subject line
 * X.509 certificate export does not work
 * X.509 certificate tracking
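
A pre-migration check for the four missing features listed above (the list before "Plugin/Script features"), as an added example that is not part of the OpenVPN README or project code. It scans a configuration for --pkcs12, --capath, --cryptoapicert and --x509-username-field, which are assumed here to be the options behind those features; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenVPN project code). The directive names below are
# an assumed mapping from the README's missing-feature list to option names.

# Constructed sample config used for the demo run.
sample_config() {
    cat <<'EOF'
# constructed sample client config
client
remote vpn.example.net 1194
  capath /etc/openvpn/ca.d
;pkcs12 commented-out.p12
x509-username-field emailAddress
<ca>
capath is only text inside this inline block
</ca>
<pkcs12>
constructed-placeholder-not-real-base64
</pkcs12>
EOF
}

# Print "<line>:<directive>" for each directive an mbed TLS build lacks.
# Reads the file named in $1, or stdin when no argument is given.
mbedtls_unsupported_directives() {
    awk '
        BEGIN {
            bad["pkcs12"] = 1; bad["capath"] = 1
            bad["cryptoapicert"] = 1; bad["x509-username-field"] = 1
        }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            if (inblock != "") {          # inside <name>...</name>: skip body
                if (line == ("</" inblock ">")) inblock = ""
                next
            }
            if (line == "" || line ~ /^[#;]/) next   # blank line or comment
            split(line, f, /[ \t]+/); d = f[1]
            sub(/^--/, "", d)             # tolerate command-line spelling
            if (substr(d, 1, 1) == "<" && substr(d, 2, 1) != "/" &&
                substr(d, length(d)) == ">") {       # inline block opener
                d = substr(d, 2, length(d) - 2); inblock = d
            }
            if (d in bad) printf "%d:%s\n", NR, d
        }
    ' "${1:--}"
}

# Exit status 0 only when the config uses none of the flagged directives.
mbedtls_config_ok() { [ -z "$(mbedtls_unsupported_directives "$@")" ]; }

sample_config | mbedtls_unsupported_directives
```

Run mbedtls_config_ok against each deployed config before switching a host to an mbed TLS build; a non-zero status means the listed lines need a replacement (for example separate --ca/--cert/--key files instead of a PKCS#12 bundle).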